9,513
社区成员
发帖
与我相关
我的任务
分享关于ldrloaddll的问题。
测试程序利用detours库hook的LoadLibraryEx,但是结果不理想,所以准备换成hook ldrloaddll。示范代码如下:
typedef LPVOID ( WINAPI * pLdrLoadDll ) (PWSTR DllPathEnv,
PULONG DllCharacteristics,
PUNICODE_STRING DllPath,
PVOID *DllHandle);
pLdrLoadDll pAddr = NULL;
NTSTATUS NTAPI Mine_LdrLoadDll( IN PWCHAR pszSearchPath,
IN PULONG puDllCharacteristics ,
IN PUNICODE_STRING pusDllName,
OUT PVOID * phDllHandle)
{
//。。。。。。。。。。。。
return (NTSTATUS)pAddr( pszSearchPath ,puDllCharacteristics,pusDllName,phDllHandle);
}
//DllMain函数
BOOL WINAPI DllMain(HINSTANCE hInstDll, DWORD fdwReason, LPVOID lpvReserved)
{
//动态获取
HINSTANCE hDll = LoadLibrary("ntdll.dll");
pAddr=(pLdrLoadDll)GetProcAddress(hDll,"LdrLoadDll");
if (DLL_PROCESS_ATTACH == fdwReason)
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pAddr , Mine_LdrLoadDll);
DetourTransactionCommit();
}
else if (DLL_PROCESS_DETACH == fdwReason)
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pAddr, Mine_LdrLoadDll);
DetourTransactionCommit();
}
return TRUE;
}
但是程序报错:
F:\code\detours\MyDetours1018\MyDetours\MyDetours\MyDetoursDll_2008\MyDetoursDll.cpp(106) : warning C4066: characters beyond first in wide-character constant ignored
F:\code\detours\MyDetours1018\MyDetours\MyDetours\MyDetoursDll_2008\MyDetoursDll.cpp(311) : error C2143: syntax error : missing ';' before '__stdcall'
F:\code\detours\MyDetours1018\MyDetours\MyDetours\MyDetoursDll_2008\MyDetoursDll.cpp(311) : error C2501: 'NTSTATUS' : missing storage-class or type specifiers
F:\code\detours\MyDetours1018\MyDetours\MyDetours\MyDetoursDll_2008\MyDetoursDll.cpp(317) : error C2146: syntax error : missing ';' before identifier 'pAddr'
编译环境是vc6.是少头文件,还是detours库不能hook native API?
菜菜问题,各位见笑啊。望指教。谢谢!
typedef LPVOID ( WINAPI * pLdrLoadDll ) (PWSTR DllPathEnv,
PULONG DllCharacteristics,
PUNICODE_STRING DllPath,
PVOID *DllHandle);
pLdrLoadDll pAddr = NULL;
NTSTATUS NTAPI Mine_LdrLoadDll( IN PWCHAR pszSearchPath,
IN PULONG puDllCharacteristics ,
IN PUNICODE_STRING pusDllName,
OUT PVOID * phDllHandle)
{
//。。。。。。。。。。。。
return (NTSTATUS)pAddr( pszSearchPath ,puDllCharacteristics,pusDllName,phDllHandle);
}
//DllMain函数
BOOL WINAPI DllMain(HINSTANCE hInstDll, DWORD fdwReason, LPVOID lpvReserved)
{
//动态获取
HINSTANCE hDll = LoadLibrary("ntdll.dll");
pAddr=(pLdrLoadDll)GetProcAddress(hDll,"LdrLoadDll");
if (DLL_PROCESS_ATTACH == fdwReason)
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pAddr , Mine_LdrLoadDll);
DetourTransactionCommit();
}
else if (DLL_PROCESS_DETACH == fdwReason)
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pAddr, Mine_LdrLoadDll);
DetourTransactionCommit();
}
return TRUE;
}
但是程序报错:
F:\code\detours\MyDetours1018\MyDetours\MyDetours\MyDetoursDll_2008\MyDetoursDll.cpp(106) : warning C4066: characters beyond first in wide-character constant ignored
F:\code\detours\MyDetours1018\MyDetours\MyDetours\MyDetoursDll_2008\MyDetoursDll.cpp(311) : error C2143: syntax error : missing ';' before '__stdcall'
F:\code\detours\MyDetours1018\MyDetours\MyDetours\MyDetoursDll_2008\MyDetoursDll.cpp(311) : error C2501: 'NTSTATUS' : missing storage-class or type specifiers
F:\code\detours\MyDetours1018\MyDetours\MyDetours\MyDetoursDll_2008\MyDetoursDll.cpp(317) : error C2146: syntax error : missing ';' before identifier 'pAddr'
编译环境是vc6.是少头文件,还是detours库不能hook native API?
菜菜问题,各位见笑啊。望指教。谢谢!
...全文
请发表友善的回复…
发表回复
qqqqqqpppp 2011-11-16
- 打赏
- 举报
各位帮帮忙啦!
